Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:042 ] samba
From: security () mandriva com
Date: Wed, 18 Feb 2009 20:48:01 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:042
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : February 18, 2009
 Affected: 2009.0
 _______________________________________________________________________

 Problem Description:

 Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows
 remote authenticated users to access the root filesystem via a crafted
 connection request that specifies a blank share name (CVE-2009-0022).
 
 This update provides samba 3.2.7 to address this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 f9672d52051da5b814933c2f764cf665  2009.0/i586/libnetapi0-3.2.7-0.1mdv2009.0.i586.rpm
 8395587171c03b986d6c6debe32d421d  2009.0/i586/libnetapi-devel-3.2.7-0.1mdv2009.0.i586.rpm
 419e8930d9a83af98db87db40b532159  2009.0/i586/libsmbclient0-3.2.7-0.1mdv2009.0.i586.rpm
 79a9ddeaad8356546d77f40e5f8823b6  2009.0/i586/libsmbclient0-devel-3.2.7-0.1mdv2009.0.i586.rpm
 674ed223557b5c9bf137782cf7a24d89  2009.0/i586/libsmbclient0-static-devel-3.2.7-0.1mdv2009.0.i586.rpm
 fca38c8651f2dfc79314d4184f9bbfa0  2009.0/i586/libsmbsharemodes0-3.2.7-0.1mdv2009.0.i586.rpm
 a863211596f28dc756d79896f4e9e161  2009.0/i586/libsmbsharemodes-devel-3.2.7-0.1mdv2009.0.i586.rpm
 f307514ed1e44e777cc852f0314b6159  2009.0/i586/libtalloc1-3.2.7-0.1mdv2009.0.i586.rpm
 642ff276c29471425bff0536aeb9bfdf  2009.0/i586/libtalloc-devel-3.2.7-0.1mdv2009.0.i586.rpm
 915958f5aefa05cbcf7e9932351aaec5  2009.0/i586/libtdb1-3.2.7-0.1mdv2009.0.i586.rpm
 5b0826d63a36305f2eb55cd73bce0fb0  2009.0/i586/libtdb-devel-3.2.7-0.1mdv2009.0.i586.rpm
 630fdfaf7ed4bb735f904c655fd7229a  2009.0/i586/libwbclient0-3.2.7-0.1mdv2009.0.i586.rpm
 625d0733d9862bee6491695001b3f495  2009.0/i586/libwbclient-devel-3.2.7-0.1mdv2009.0.i586.rpm
 24b1dedd7adc4a4b8f41f4049c521190  2009.0/i586/mount-cifs-3.2.7-0.1mdv2009.0.i586.rpm
 786b41af61e1231261d8a691e051e6e8  2009.0/i586/nss_wins-3.2.7-0.1mdv2009.0.i586.rpm
 3e7c63f3a2252d8222054a77fe51eb0b  2009.0/i586/samba-client-3.2.7-0.1mdv2009.0.i586.rpm
 0243aebbb4d47aa1fab3e8498f2bc0ed  2009.0/i586/samba-common-3.2.7-0.1mdv2009.0.i586.rpm
 5fb67d67607d4e70c2395917f57143a7  2009.0/i586/samba-doc-3.2.7-0.1mdv2009.0.i586.rpm
 d7231c511a3a3e99d9c611a1942e112d  2009.0/i586/samba-server-3.2.7-0.1mdv2009.0.i586.rpm
 196ed3589e5cbb63de16098ee947ce78  2009.0/i586/samba-swat-3.2.7-0.1mdv2009.0.i586.rpm
 bef4656a6f1d3e1e303a82ce5a5736e8  2009.0/i586/samba-winbind-3.2.7-0.1mdv2009.0.i586.rpm 
 20b63670ed98d96b046929b19d03b17a  2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 8543b1c900940717ce87593bcd894ddd  2009.0/x86_64/lib64netapi0-3.2.7-0.1mdv2009.0.x86_64.rpm
 f8a4585909a44f037d90f3f40f5408a7  2009.0/x86_64/lib64netapi-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 5e8baaab26d9b709d4b04f7bde88e9a8  2009.0/x86_64/lib64smbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm
 797b7746caa92c8ea28a3e1fa218659a  2009.0/x86_64/lib64smbclient0-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 b1ec784b83915df65a7f1d6c06ce46c3  2009.0/x86_64/lib64smbclient0-static-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 b4cbff234e2ce3098b79887097ec1f98  2009.0/x86_64/lib64smbsharemodes0-3.2.7-0.1mdv2009.0.x86_64.rpm
 26cd1508a8d960e01b1476d64e9a073c  2009.0/x86_64/lib64smbsharemodes-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 c4ce64515ad474fcfc4a33ba78e8bc25  2009.0/x86_64/lib64talloc1-3.2.7-0.1mdv2009.0.x86_64.rpm
 eff77f2eeff1b0f715da1cd6b9885122  2009.0/x86_64/lib64talloc-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 85c16b38fa72a572ff1c09d1de454fb4  2009.0/x86_64/lib64tdb1-3.2.7-0.1mdv2009.0.x86_64.rpm
 937d1d412b06fe68e8bd6175c5dbb967  2009.0/x86_64/lib64tdb-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 85fd89501e053f3cd34ec78fbe140803  2009.0/x86_64/lib64wbclient0-3.2.7-0.1mdv2009.0.x86_64.rpm
 9d2f55f2a15164e6188b967f99632572  2009.0/x86_64/lib64wbclient-devel-3.2.7-0.1mdv2009.0.x86_64.rpm
 f90927126796e521d371749467dc115d  2009.0/x86_64/mount-cifs-3.2.7-0.1mdv2009.0.x86_64.rpm
 e51ea5546011dee07fc7f1d1dbbdf04f  2009.0/x86_64/nss_wins-3.2.7-0.1mdv2009.0.x86_64.rpm
 40f9be5aafb9a4e7562479fc54414825  2009.0/x86_64/samba-client-3.2.7-0.1mdv2009.0.x86_64.rpm
 22a9db213304d56ba1837a9686694478  2009.0/x86_64/samba-common-3.2.7-0.1mdv2009.0.x86_64.rpm
 d24f54f23ddf196170c2fe8e149e853f  2009.0/x86_64/samba-doc-3.2.7-0.1mdv2009.0.x86_64.rpm
 b3e8420a896d9defaebc749abceb5eb2  2009.0/x86_64/samba-server-3.2.7-0.1mdv2009.0.x86_64.rpm
 138562ffad186da5c639241c4d7971e5  2009.0/x86_64/samba-swat-3.2.7-0.1mdv2009.0.x86_64.rpm
 cff49e288971a75d4e2b5c812ed36a53  2009.0/x86_64/samba-winbind-3.2.7-0.1mdv2009.0.x86_64.rpm 
 20b63670ed98d96b046929b19d03b17a  2009.0/SRPMS/samba-3.2.7-0.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJnDspmqjQ0CJFipgRAoziAJ95i+DU7idd4Z7cHdggnQiYhWWVkACggd3b
9QVCycWgndaXOr0nP7P/8bo=
=tWVM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:042 ] samba security (Feb 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]